Unrated severityNVD Advisory· Published Aug 12, 2012· Updated Apr 29, 2026

CVE-2012-2577

Description

Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file.

Affected products

SolarWinds/Orion Network Performance Monitor9 versions
cpe:2.3:a:solarwinds:orion_network_performance_monitor:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:solarwinds:orion_network_performance_monitor:*:*:*:*:*:*:*:*range: <=10.2
- cpe:2.3:a:solarwinds:orion_network_performance_monitor:7.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_network_performance_monitor:8.5:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_network_performance_monitor:8.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_network_performance_monitor:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_network_performance_monitor:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_network_performance_monitor:9.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/54624nvdExploit
secunia.com/advisories/50004nvdVendor Advisory
www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htmnvdVendor Advisory
www.kb.cert.org/vuls/id/174119nvdUS Government Resource
exchange.xforce.ibmcloud.com/vulnerabilities/77147nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.015
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000